[Printing-architecture] [patch] cups-1.7.0: stringpool corruption fix
Michael Sweet
msweet at apple.com
Mon Nov 4 16:27:07 UTC 2013
Tim,
Thanks, looking into this now and have filed this as:
<rdar://problem/15382819> cups.org: String pool corruption bug
On Nov 1, 2013, at 1:02 PM, Tim Waugh <twaugh at redhat.com> wrote:
> There is a long-standing stringpool corruption issue in printers.c.
>
> Attribute values are stored in the global stringpool (implemented in
> cups/string.c), which is reference-counted storage for strings. Strings
> are stored in a sorted, unique array (cups_array_t, implemented in
> cups/array.c).
>
> If the array is found to be unsorted, or a duplicate is found, the
> underlying cups_array_t object switches into "non-unique" mode and
> stores new strings by adding to the pool rather than incrementing the
> reference count for an existing string (see the cups_array_add()
> function).
>
> The accessor functions for the stringpool return "char*" types, but
> these are strings which must not be modified -- doing so will trigger
> the behaviour described above.
>
> In scheduler/printers.c, there are a couple of places which modify
> attribute values in-place. Attached is a patch to fix them.
>
> Tim.
> */
>
> <cups-stringpool-corruption.patch>_______________________________________________
> Printing-architecture mailing list
> Printing-architecture at lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/printing-architecture
____________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
More information about the Printing-architecture
mailing list